iDefense Security Advisory 11.30.06: Multiple Vendor libgsf Heap Overflow Vulnerability

Multiple Vendor libgsf Heap Overflow Vulnerability iDefense Security Advisory 11.30.06 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 30, 2006 I. BACKGROUND The GNOME Structured File Library is a utility library for reading and writing structured file formats. This library replaces...

CVE-2006-4514

Heap-based buffer overflow in the oleinforeadmetabat function in Gnome Structured File library libgsf 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large nummetabat value in an OLE document, which causes the oleinitinfo function to...

CVE-2006-4514

Heap-based buffer overflow in the oleinforeadmetabat function in Gnome Structured File library libgsf 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large nummetabat value in an OLE document, which causes the oleinitinfo function to...

CVE-2006-4514

Heap-based buffer overflow in the oleinforeadmetabat function in Gnome Structured File library libgsf 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large nummetabat value in an OLE document, which causes the oleinitinfo function to...

DEBIAN-CVE-2006-4514

Heap-based buffer overflow in the oleinforeadmetabat function in Gnome Structured File library libgsf 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large nummetabat value in an OLE document, which causes the oleinitinfo function to...

CVE-2006-4514

Heap-based buffer overflow in the oleinforeadmetabat function in Gnome Structured File library libgsf 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large nummetabat value in an OLE document, which causes the oleinitinfo function to...

CVE-2006-4514

CVE-2006-4514 affects GNOME Structured File Library (libgsf) 1.14.0 and earlier than 1.14.2. The vulnerability is a heap-based buffer overflow in ole_info_read_metabat that, due to insufficient memory allocation in ole_init_info when handling large num_metabat values in OLE documents, can allow c...

Debian DSA-1221-1 : libgsf - buffer overflow

'infamous41md' discovered a heap buffer overflow vulnerability in libgsf, a GNOME library for reading and writing structured file formats, which could lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plug...

PT-2006-6735 · Baal · Baalasp Forum

Name of the Vulnerable Software and Affected Versions: BaalAsp forum affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through...

MS Windows COM Structured Storage Local Exploit (MS05-012)

No description provided by source. // by Cesar Cerrudo - Argeniss - www.argeniss.com // MS05-012 - COM Structured Storage Vulnerability - CAN-2005-0047 Exploit // // More exploits at www.argeniss.com/products.html // // Works on Win2k sp4, WinXP sp2, Win2k3 sp0 // Close all runing programs to avo...

PT-2006-3745 · X Cart · X-Cart

Name of the Vulnerable Software and Affected Versions: X-Cart Gold and Pro versions 4.0.18 through 4.1.0 beta 1 Description: The issue allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field in search.php, when the settings specify only "Search in Detailed...

Microsoft Office 2002 - Excel/Powerpoint/Word.. 10.0.2614.0 => 11.0.5612.0

Full archive at http://www.milw0rm.com/sploits/excel03262006.rar Topic : Microsoft Office 2002 - Excel/Powerpoint/Word.. 10.0.2614.0 = 11.0.5612.0 Date : 02/12/2006 Author : posidron [email protected] Table of Contens ================ - Some Excel Information - The XLS File Format and...

MS Office Products Array Index Bounds Error (unpatched) PoC

Exploit for unknown platform in category dos / poc =========================================================== MS Office Products Array Index Bounds Error unpatched PoC =========================================================== Full archive at http://www.milw0rm.com/sploits/excel03262006.rar Top...

wmp_overflow.htm.txt

WMP Plugin EMBED Exploit // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for // educational or testing purposes. It is not intended to be used for...

MS Windows Media Player 10 Plugin Overflow Exploit (MS06-006)

Exploit for unknown platform in category remote exploits ============================================================= MS Windows Media Player 10 Plugin Overflow Exploit MS06-006 ============================================================= WMP Plugin EMBED Exploit // Windows Media Player Plug-In...

Microsoft Windows Media Player 10 - Plugin Overflow (MS06-006)

WMP Plugin EMBED Exploit // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for // educational or testing purposes. It is not intended to be used for...

Microsoft Windows Media Player 10 - Plugin Overflow (MS06-006)

Microsoft Windows Media Player 10 - Plugin Overflow MS06-006 WMP Plugin EMBED Exploit // Windows Media Player Plug-In EMBED Overflow Universal Exploit MS06-006 // By Matthew Murphy [email protected] // // DISCLAIMER: // // This exploit code is intended only as a demonstration tool for //...

PT-2005-5169 · Quantum Art · Quantum Art Qp7.Enterprise

Name of the Vulnerable Software and Affected Versions: Quantum Art QP7.Enterprise affected versions not specified Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the p news id parameter to API endpoints such as "news and events...

idm405.txt

/ Title : Internet Download Manager = 4.05 universal remote overflow Exploit bug analyse and exploit code by : c0d3r "Kaveh Razavi" [email protected] my advisory : http://www.ihsteam.com/advisory/downloadmanageradv.txt this bug is differnt from what was found in application called altnet download...

Internet Download Manager 4.0.5 - Input URL Stack Overflow

Internet Download Manager 4.0.5 - Input URL Stack Overflow / Title : Internet Download Manager = 4.05 universal remote overflow Exploit bug analyse and exploit code by : c0d3r "Kaveh Razavi" [email protected] my advisory : http://www.ihsteam.com/advisory/downloadmanageradv.txt this bug is differn...